Mohammed Shekha(Open ERP) has proposed merging
lp:~openerp-dev/openerp-web/6.1-opw-578551-msh into lp:openerp-web/6.1.
Requested reviews:
OpenERP Core Team (openerp)
For more details, see:
https://code.launchpad.net/~openerp-dev/openerp-web/6.1-opw-578551-msh/+merge/123010
Hello,
Fixed the issue of one2many which sending extra values as a link_to tuple hence
for that write is called, due to which access error is generated for the user
who has only create access not write access.
Demo :- Edit the access right for any user -> Settings -> Security -> Access
Control List -> Search for the Attendance object -> Changed the rights for
"Human Resource / Employee" Group remove the write access.
Now Go to Human Resource -> Attendances -> Attendances edit any record and
create one one2many line nothing else and save the record.
Result :- It will give access error that user don't have write access, even
though record is not edited we have just created a one2many record, which will
call create of one2many but due to extra link_to record write is called.
Expected :- Here user didn't touch other field of the form and just created the
one2many record, so only that record should be send to server to create, but
here other one2many records are also sended with to_link tuple, behaviour
should be if there is to_link record then and then tuple (4, id, false) created
otherwise only to_create i.e. (0,0,values) should go as a data.
Thanks.
--
https://code.launchpad.net/~openerp-dev/openerp-web/6.1-opw-578551-msh/+merge/123010
Your team OpenERP R&D Team is subscribed to branch
lp:~openerp-dev/openerp-web/6.1-opw-578551-msh.
=== modified file 'addons/web/static/src/js/data.js'
--- addons/web/static/src/js/data.js 2012-09-03 13:17:44 +0000
+++ addons/web/static/src/js/data.js 2012-09-06 05:31:22 +0000
@@ -707,6 +707,7 @@
this.to_delete = [];
this.to_create = [];
this.to_write = [];
+ this.to_link = [];
this.cache = [];
this.delete_all = false;
},
=== modified file 'addons/web/static/src/js/view_form.js'
--- addons/web/static/src/js/view_form.js 2012-09-03 13:17:44 +0000
+++ addons/web/static/src/js/view_form.js 2012-09-06 05:31:22 +0000
@@ -2584,6 +2584,7 @@
self.dataset.to_delete.push({id: command[1]});
return;
case commands.LINK_TO:
+ self.dataset.to_link.push({id: command[1]});
ids.push(command[1]);
return;
case commands.DELETE_ALL:
@@ -2622,17 +2623,20 @@
return [];
this.save_any_view();
var val = this.dataset.delete_all ? [commands.delete_all()] : [];
- val = val.concat(_.map(this.dataset.ids, function(id) {
+ _.each(this.dataset.ids, function(id){
var alter_order = _.detect(self.dataset.to_create, function(x) {return x.id === id;});
if (alter_order) {
- return commands.create(alter_order.values);
+ val.push(commands.create(alter_order.values));
}
alter_order = _.detect(self.dataset.to_write, function(x) {return x.id === id;});
if (alter_order) {
- return commands.update(alter_order.id, alter_order.values);
- }
- return commands.link_to(id);
- }));
+ val.push(commands.update(alter_order.id, alter_order.values));
+ }
+ alter_order = _.detect(self.dataset.to_link, function(x) {return x.id === id;});
+ if (alter_order) {
+ val.push(commands.link_to(alter_order.id));
+ }
+ });
return val.concat(_.map(
this.dataset.to_delete, function(x) {
return commands['delete'](x.id);}));
_______________________________________________
Mailing list: https://launchpad.net/~openerp-dev-gtk
Post to : [email protected]
Unsubscribe : https://launchpad.net/~openerp-dev-gtk
More help : https://help.launchpad.net/ListHelp
